Dec 18 2019
02:45 AM
- last edited on
Jan 14 2022
04:35 PM
by
TechCommunityAP
Dec 18 2019
02:45 AM
- last edited on
Jan 14 2022
04:35 PM
by
TechCommunityAP
I have AAD Connect running and cannot sync this one user. Here are some facts
1. User is in an OU that's configured to Sync
2. User is found in the Connector Space for on prem AD
3. User is NOT found in the metaverse search
4. User has correct UPN suffix
5. in the CS I'm able to bring up the properties of the user and generated a full sync preview and even committed it successfully.
So when I force a delta sync... I see nothing at all … no new object add or changes in the logs...
I looked at this article but can't really understand regarding the scoping filters. Everything is default, there should be no filters.
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-object-not-syncing
Please help with some more detailed troubleshooting? Seems like this user is being skipped for some weird reason....
Dec 18 2019 09:11 AM
Check that these properties are populated on the user account:
Even if the user account is not going to have mail, it can keep the account from syncing.
Dec 18 2019 09:26 AM
It can simply be filtered by one of the default (or custom) rules. You should see which of those affect the object when you run the preview/commit. And do force a Full sync as some changes might not be reflected upon delta.
Dec 19 2019 12:29 AM
@VasilMichev Ok I will check that but how can I tell which rule is applying during the preview? Sorry I'm very new at this
Dec 19 2019 12:37 AM
@VasilMichev When I click Generate Preview...all it says is successful. Then I click on the source object details...it shows whole bunch of stuff on the "NEW VALUE" column and "OLD VALUE" is empty...which is to be expected since this is not syncing yet. And that's all I see...I don't see rules or anything
Dec 19 2019 12:46 AM
@Steve Mahoneythanks so much, I checked and all those attributes are filled out
Dec 19 2019 10:13 AM
Check the documentation for more guidance, including screenshots: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-object-not-syncing#con...
Dec 25 2019 02:37 PM
Solution@VasilMichev Thanks for the article.
I'm really trying to follow this but the verbiage is confusing:
" In the following scoping filter, if the isCriticalSystemObject value is null or FALSE or empty, it's in scope."
When I look at the "In from AD - User Join" and the scoping filter shows isCriticalSystemObject has a value of "TRUE" … so according to the statement above this rule is NOT in scope? the double negative is confusing me, also because User Join sounds like its something that SHOULD be in scope right?
Dec 25 2019 03:03 PM
Dec 25 2019 03:22 PM
Dec 25 2019 03:56 PM
Dec 25 2019 02:37 PM
Solution@VasilMichev Thanks for the article.
I'm really trying to follow this but the verbiage is confusing:
" In the following scoping filter, if the isCriticalSystemObject value is null or FALSE or empty, it's in scope."
When I look at the "In from AD - User Join" and the scoping filter shows isCriticalSystemObject has a value of "TRUE" … so according to the statement above this rule is NOT in scope? the double negative is confusing me, also because User Join sounds like its something that SHOULD be in scope right?